SANS introduces New Evaluation Guide For Replacing Antivirus

Bethesda, Md. – For years, industry pundits have predicted the death of antivirus because signature-based technologies cannot keep up with ever-changing attack signatures, unknown malware and malware-less attacks.

SANS will release its first-ever evaluator's guide for those ready to replace their signature-based AV with NGAV during a live webcast on November 3 at 1 PM ET.

"NexGen AV differs enough from its traditional counterpart that those intending to 'pull the trigger' on their current AV really need to have a good foundation in both how NGAV differs from their traditional AV--as well as how to evaluate it," says SANS Analyst Program research director, Barbara Filkins, author of the guide. "Organizations, such as MLB and NHL, have already seen the advantages of NGAV and can speak to how the different nature of the product has improved their endpoint protection."

During this live SANS webcast, the CISO at Major League Baseball and the SVP of IT and Security at the National Hockey League will join SANS experts to discuss their reasons and best practices for upgrading to NGAV.

NGAV looks at tactics, techniques and procedures (TTPs) rather than just relying on signatures. NGAV detects specific, identifiable patterns of TTPs (such as listening on a given service port, memory scraping or code injection) rather than just relying on signatures.

When considering upgrading to NGAV, however, there are many questions, such as when to pull the plug on traditional AV, what systems need coverage, what criteria to use in conducting such evaluations, and how to actually conduct the evaluation.

This new SANS guide (research sponsored by Carbon Black), provides advice for setting up the evaluation framework, as well as the features, business and operational requirements to include in your evaluation criteria.

"While NGAV can provide all the protection that traditional AV does, it goes beyond in its ability to test for 'in-memory' and scripting attacks," says Filkins. "For those reasons alone, the process of evaluating NGAV needs to reach beyond the testing methods used to evaluate signature-based solutions."

Those who attend the webcast will be entered into a drawing for a complementary training course of their choice, and will be provided a live link to the guide, which will be posted in the SANS reading room on Thursday, November 3, at To register for the webcast, follow this link:

Tweet This:
"Ready to Replace Antivirus? A SANS Evaluation Guide to Next Gen Antivirus" | REGISTER:
"IT execs from NHL and MLB share best practices for replacing Antivirus in SANS webcast" | 11/3 @ 1PM EST |

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (